Network Security: Attacks and Controls

Network Security: Attacks and Controls

Natarajan Meghanathan (Jackson State University, USA)
Copyright: © 2014 |Pages: 30
DOI: 10.4018/978-1-4666-4789-3.ch011
OnDemand PDF Download:
List Price: $37.50


The focus of this chapter is two-fold: It first presents the classical network attacks (such as Session Hijacking, Man-in-the-Middle attack, DNS attacks, Distributed Denial of Service attacks, and other miscellaneous attacks), which have exploited the various vulnerabilities of computer networks in the past, and reviews the solutions that have been implemented since then to mitigate or reduce the chances of these attacks. The authors then present the different network security controls, including the protocols and standards (such as IPSec, Kerberos, Secure Shell, Transport Layer Security, Virtual Private Networks, Firewalls, and S/MIME) that have been adopted in modern day computer networks to control the incidence of attacks in modern day computer networks.
Chapter Preview

Introduction To Computer Networks

With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. Network security comprises of the measures adopted to protect the resources and integrity of a computer network. This section reviews the basics of computer networks and Internet in order to lay a strong foundation for the reader to understand the rest of this chapter on network security.

ISO-OSI Reference Model

The communication problem in computer networks can be defined as the task of transferring data entered by an application user in one system to an application user in another system through one or more intermediate networks (Comer, 2008). The communication problem is solved using a layered approach through a collection of protocols forming the so-called protocol suite. Each layer, dealing with a particular aspect of the communication problem, is implemented with a particular protocol and the protocols co-operate with each other to solve the entire communication problem. The Open Systems Interconnection (OSI) model (Zimmermann, 1980) is an abstract representation of the basic layers (as stated below and also shown in Figure 1, in top to bottom order) involved to solve the communication problem: Application, Presentation, Session, Transport, Network, Data-link and Physical layers.

Figure 1.

OSI model

The application layer specifies how one particular application uses a network and contacts the application program running on a remote machine. The presentation layer deals with the translation and/or representation of data at the two end hosts of the communication. The session layer is responsible for establishing a communication session with a remote system and it also handles security issues like password authentication before the application user can connect to the remote system. The transport layer provides end-to-end, reliable or best-effort, in-order data packet delivery along with support for flow control and congestion control. The network layer deals with forwarding data packets from the source to the destination nodes of the communication. The data-link layer deals with the organization of data into frames and provides reliable data delivery over the physical medium. The physical layer provides the encoding/decoding schemes and the modulation/demodulation schemes for the actual transmission of data, over the physical medium, as a sequence of bits of 1s and 0s.

TCP/IP Protocol Stack

The seven-layer OSI model is conceptual: it shows the different activities required for communication between application programs running in two different hosts. Its full implementation will result in excessive overhead and will lead to huge delays in data delivery at the destination (Comer, 2008). The TCP/IP (Transmission Control Protocol/ Internet Protocol) protocol stack (Stevens, 1994), shown in Figure 2, is the commonly used model for wide area communications, like the Internet. The TCP/IP protocol stack is composed of the Application, Transport, Internet and the Link layers (from top to bottom). The application layer of the TCP/IP model is in-charge of the responsibilities of the application, presentation and session layers of the OSI model. The transport layer of the TCP/IP model is similar to the transport layer of the OSI model. The Internet layer takes care of addressing and routing the data packets across different heterogeneous networks. Each machine and router in the Internet has a unique IP address. The link layer of the TCP/IP model combines the functionalities of the data-link layer and physical layer of the OSI model. The link layer supports the organization of data into frames and their encoding/decoding mechanisms. The structure and transmission of the frames depends on the topology and hardware technology (like Ethernet, Token Ring and etc) used for the network. A data packet is referred to as segment, datagram and frame at the transport, Internet and the link layers respectively.

Figure 2.

TCP/IP protocol stack and the structure of a data packet

Complete Chapter List

Search this Book: